Merge pull request #111 from GSA-TTS/terraform-updates

Terraform updates
GSA-TTS · Jan 15, 2025 · 3fe96db · 3fe96db
2 parents b381784 + da3fbcb
commit 3fe96db
Show file tree

Hide file tree

Showing 6 changed files with 46 additions and 121 deletions.
diff --git a/terraform/app.tf b/terraform/app.tf
@@ -22,16 +22,11 @@ resource "cloudfoundry_app" "app" {
   space_name = var.cf_space_name
   org_name   = local.cf_org_name
 
-  path                       = data.archive_file.src.output_path
-  source_code_hash           = data.archive_file.src.output_base64sha256
-  buildpacks                 = ["ruby_buildpack"]
-  strategy                   = "rolling"
-  instances                  = var.web_instances
-  memory                     = var.web_memory
-  command                    = "./bin/rake cf:on_first_instance db:migrate && exec env HTTP_PORT=$PORT ./bin/thrust ./bin/rails server"
-  health_check_http_endpoint = "/up"
-  health_check_type          = "http"
-  routes                     = [{ route = "${local.host_name}.${local.domain}" }]
+  path             = data.archive_file.src.output_path
+  source_code_hash = data.archive_file.src.output_base64sha256
+  buildpacks       = ["ruby_buildpack"]
+  strategy         = "rolling"
+  routes           = [{ route = "${local.host_name}.${local.domain}" }]
 
   environment = {
     no_proxy                 = "apps.internal,s3-fips.us-gov-west-1.amazonaws.com"
@@ -41,20 +36,22 @@ resource "cloudfoundry_app" "app" {
     RAILS_SERVE_STATIC_FILES = "true"
   }
 
-  # processes = [
-  #   # {
-  #   #   type      = "worker"
-  #   #   instances = var.worker_instances
-  #   #   memory    = var.worker_memory
-  #   #   command   = "bundle exec sidekiq"
-  #   # },
-  #   {
-  #     type      = "web"
-  #     instances = var.web_instances
-  #     memory    = var.web_memory
-  #     command   = "./bin/rake cf:on_first_instance db:migrate && exec env HTTP_PORT=$PORT ./bin/thrust ./bin/rails server"
-  #   }
-  # ]
+  processes = [
+    # {
+    #   type      = "worker"
+    #   instances = var.worker_instances
+    #   memory    = var.worker_memory
+    #   command   = "bundle exec sidekiq"
+    # },
+    {
+      type                       = "web"
+      instances                  = var.web_instances
+      memory                     = var.web_memory
+      health_check_http_endpoint = "/up"
+      health_check_type          = "http"
+      command                    = "./bin/rake cf:on_first_instance db:migrate && exec env HTTP_PORT=$PORT ./bin/thrust ./bin/rails server"
+    }
+  ]
 
   service_bindings = [
     { service_instance = "egress-proxy-${var.env}-credentials" },

diff --git a/terraform/bootstrap/main.tf b/terraform/bootstrap/main.tf
@@ -3,7 +3,7 @@ terraform {
   required_providers {
     cloudfoundry = {
       source  = "cloudfoundry/cloudfoundry"
-      version = "1.1.0"
+      version = "1.2.0"
     }
   }
 }
@@ -36,15 +36,15 @@ locals {
   s3_plan_name = "basic-sandbox"
 }
 module "mgmt_space" {
-  source = "github.com/gsa-tts/terraform-cloudgov//cg_space?ref=v2.0.2"
+  source = "github.com/gsa-tts/terraform-cloudgov//cg_space?ref=v2.1.0"
 
   cf_org_name   = local.org_name
   cf_space_name = var.mgmt_space_name
   developers    = var.terraform_users
 }
 
 module "s3" {
-  source = "github.com/gsa-tts/terraform-cloudgov//s3?ref=v2.0.2"
+  source = "github.com/gsa-tts/terraform-cloudgov//s3?ref=v2.1.0"
 
   cf_space_id  = module.mgmt_space.space_id
   name         = "continuous_monitoring-terraform-state"

diff --git a/terraform/main.tf b/terraform/main.tf
@@ -5,24 +5,18 @@ locals {
 }
 
 module "app_space" {
-  source = "github.com/gsa-tts/terraform-cloudgov//cg_space?ref=v2.0.2"
-
-  cf_org_name   = local.cf_org_name
-  cf_space_name = var.cf_space_name
-  allow_ssh     = var.allow_space_ssh
-  deployers     = local.space_deployers
-  developers    = var.space_developers
-}
-# temporary method for setting egress rules until terraform provider supports it and cg_space module is updated
-data "external" "set-app-space-egress" {
-  program     = ["/bin/sh", "set_space_egress.sh", "-t", "-s", var.cf_space_name, "-o", local.cf_org_name]
-  working_dir = path.module
-  # depends_on line is required only for initial creation and destruction. It can be commented out for updates if you see unwanted cascading effects
-  depends_on = [module.app_space]
+  source = "github.com/gsa-tts/terraform-cloudgov//cg_space?ref=v2.1.0"
+
+  cf_org_name          = local.cf_org_name
+  cf_space_name        = var.cf_space_name
+  allow_ssh            = var.allow_space_ssh
+  deployers            = local.space_deployers
+  developers           = var.space_developers
+  security_group_names = ["trusted_local_networks_egress"]
 }
 
 module "database" {
-  source = "github.com/gsa-tts/terraform-cloudgov//database?ref=v2.0.2"
+  source = "github.com/gsa-tts/terraform-cloudgov//database?ref=v2.1.0"
 
   cf_space_id   = module.app_space.space_id
   name          = "${local.app_name}-rds-${var.env}"
@@ -32,7 +26,7 @@ module "database" {
 }
 
 # module "redis" {
-#   source = "github.com/gsa-tts/terraform-cloudgov//redis?ref=v2.0.2"
+#   source = "github.com/gsa-tts/terraform-cloudgov//redis?ref=v2.1.0"
 
 #   cf_space_id     = module.app_space.space_id
 #   name            = "${local.app_name}-redis-${var.env}"
@@ -52,7 +46,7 @@ module "database" {
 ###########################################################################
 module "domain" {
   count  = (var.custom_domain_name == null ? 0 : 1)
-  source = "github.com/gsa-tts/terraform-cloudgov//domain?ref=v2.0.2"
+  source = "github.com/gsa-tts/terraform-cloudgov//domain?ref=v2.1.0"
 
   cf_org_name   = local.cf_org_name
   cf_space      = module.app_space.space
@@ -64,23 +58,18 @@ module "domain" {
 }
 
 module "egress_space" {
-  source = "github.com/gsa-tts/terraform-cloudgov//cg_space?ref=v2.0.2"
-
-  cf_org_name   = local.cf_org_name
-  cf_space_name = "${var.cf_space_name}-egress"
-  allow_ssh     = var.allow_space_ssh
-  deployers     = local.space_deployers
-  developers    = var.space_developers
-}
-# temporary method for setting egress rules until terraform provider supports it and cg_space module is updated
-data "external" "set-egress-space-egress" {
-  program     = ["/bin/sh", "set_space_egress.sh", "-p", "-s", module.egress_space.space_name, "-o", local.cf_org_name]
-  working_dir = path.module
-  depends_on  = [module.egress_space]
+  source = "github.com/gsa-tts/terraform-cloudgov//cg_space?ref=v2.1.0"
+
+  cf_org_name          = local.cf_org_name
+  cf_space_name        = "${var.cf_space_name}-egress"
+  allow_ssh            = var.allow_space_ssh
+  deployers            = local.space_deployers
+  developers           = var.space_developers
+  security_group_names = ["public_networks_egress"]
 }
 
 module "egress_proxy" {
-  source = "github.com/gsa-tts/terraform-cloudgov//egress_proxy?ref=v2.0.2"
+  source = "github.com/gsa-tts/terraform-cloudgov//egress_proxy?ref=v2.1.0"
 
   cf_org_name     = local.cf_org_name
   cf_egress_space = module.egress_space.space

diff --git a/terraform/providers.tf b/terraform/providers.tf
@@ -3,7 +3,7 @@ terraform {
   required_providers {
     cloudfoundry = {
       source  = "cloudfoundry/cloudfoundry"
-      version = "1.1.0"
+      version = "1.2.0"
     }
     cloudfoundry-community = {
       source  = "cloudfoundry-community/cloudfoundry"

diff --git a/terraform/sandbox_bot/main.tf b/terraform/sandbox_bot/main.tf
@@ -3,7 +3,7 @@ terraform {
   required_providers {
     cloudfoundry = {
       source  = "cloudfoundry/cloudfoundry"
-      version = "1.1.0"
+      version = "1.2.0"
     }
   }
   backend "local" {}

diff --git a/terraform/set_space_egress.sh b/terraform/set_space_egress.sh